add metrics & encrypt
@ -355,6 +355,28 @@ Will print the SSH config access after cluster creation.
|
||||
{{</ tab >}}
|
||||
{{</ tabs >}}
|
||||
|
||||
#### ETCD and network encryption by default
|
||||
|
||||
You may need to enable etcd and network encryption in order to preventing any data leak in case of a server is compromised. You can easily do so by adding the following variables:
|
||||
|
||||
{{< highlight host="demo-kube-hcloud" file="kube.tf" >}}
|
||||
|
||||
```tf
|
||||
module "hcloud_kube" {
|
||||
//...
|
||||
|
||||
enable_wireguard = true
|
||||
|
||||
control_planes_custom_config = {
|
||||
secrets-encryption = true,
|
||||
}
|
||||
|
||||
//...
|
||||
}
|
||||
```
|
||||
|
||||
{{< /highlight >}}
|
||||
|
||||
#### Inputs
|
||||
|
||||
As input variables, you have the choice to use environment variables or separated `terraform.tfvars` file.
|
||||
|
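Review bot: The heading "ETCD and network encryption by default" contradicts the paragraph under it, which tells the reader to add the variables themselves, so nothing here is on by default; retitle it to something like "Enable etcd and network encryption". The sentence also needs a grammar pass: "in order to preventing any data leak in case of a server is compromised" should read "to prevent data leaks if a server is compromised". It would help to say what each setting covers: `secrets-encryption` is the K3s server option that encrypts Kubernetes Secrets at rest rather than the whole etcd datastore, and `enable_wireguard` is the setting for the network side. Since this goes through `control_planes_custom_config`, also state whether it takes effect on an existing cluster or only at creation.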
@ -436,10 +436,6 @@ If you go to `https://grafana.kube.rocks/dashboards`, you should see a many dash
|
||||
* Prometheus and Grafana itself stats
|
||||
* Flux stats
|
||||
|
||||
{{< alert >}}
|
||||
Some other core components like etcd, scheduler, proxy, and controller manager need to have metrics enabled to be scraped. See K3s docs or [this issue](https://github.com/k3s-io/k3s/issues/3619)
|
||||
{{< /alert >}}
|
||||
|
||||
#### Prometheus
|
||||
|
||||
[](dashboards-prometheus.png)
|
||||
@ -498,6 +494,35 @@ You can easily import some additional dashboards by importing them from Grafana
|
||||
|
||||
[](dashboards-redis.png)
|
||||
|
||||
#### Other core components
|
||||
|
||||
Some other core components like etcd, scheduler, proxy, and controller manager need to have metrics enabled to be scraped. See K3s docs or [this issue](https://github.com/k3s-io/k3s/issues/3619).
|
||||
|
||||
From Terraform Hcloud project, use `control_planes_custom_config` for expose all remaining metrics endpoint:
|
||||
|
||||
{{< highlight host="demo-kube-hcloud" file="kube.tf" >}}
|
||||
|
||||
```tf
|
||||
module "hcloud_kube" {
|
||||
//...
|
||||
|
||||
control_planes_custom_config = {
|
||||
etcd-expose-metrics = true,
|
||||
kube-scheduler-arg = "bind-address=0.0.0.0",
|
||||
kube-controller-manager-arg = "bind-address=0.0.0.0",
|
||||
kube-proxy-arg = "metrics-bind-address=0.0.0.0",
|
||||
}
|
||||
|
||||
//...
|
||||
}
|
||||
```
|
||||
|
||||
{{< /highlight >}}
|
||||
|
||||
{{< alert >}}
|
||||
As above config applies only at cluster initialization, you may change directly `/etc/rancher/k3s/config.yaml` instead and restart K3s server.
|
||||
{{< /alert >}}
|
||||
|
||||
## Logging
|
||||
|
||||
Last but not least, we need to add a logging stack. The most popular one is [Elastic Stack](https://www.elastic.co/elastic-stack), but it's very resource intensive. A more lightweight option is to use [Loki](https://grafana.com/oss/loki/), also part of Grafana Labs.
|
||||
|
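Review bot: The `bind-address=0.0.0.0` and `metrics-bind-address=0.0.0.0` values in `control_planes_custom_config` make the scheduler, controller manager and kube-proxy listen on every interface, and the new section does not say how those endpoints are kept off the public network. Add a sentence naming the firewall rule or private-network restriction that is expected to cover these ports, or bind to the private address instead of `0.0.0.0`. Wording: "for expose all remaining metrics endpoint" should be "to expose all remaining metrics endpoints". The alert about editing `/etc/rancher/k3s/config.yaml` should also say whether the change and restart are needed on every control plane node.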